Lv Meng Ke Ji
Botnet Trend Report (2025 Edition)
Lv Meng Ke Ji· 2025-04-10 01:55
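About NSFOCUS

NSFOCUS Technologies Group Co., Ltd. (绿盟科技, hereinafter "NSFOCUS") was founded in April 2000 and is headquartered in Beijing. The company has been listed on the ChiNext board of the Shenzhen Stock Exchange since January 29, 2014, under stock code 300369. NSFOCUS has more than 40 branch offices in China and provides a full line of network security products, comprehensive security solutions and systematic security operations services to users in government, telecom operators, finance, energy, the internet, education, healthcare and other industries. The company has established overseas subsidiaries in Silicon Valley (USA), Tokyo (Japan), London (UK) and Singapore to expand its global business and build a Chinese brand in the global network security industry.

About Fuying Lab

Fuying Lab (伏影实验室) focuses on research into security threat monitoring and countermeasure technology, covering APT advanced threats, botnets, DDoS countermeasures, exploitation of vulnerabilities in popular services, threats from the black and grey market industry chain, and emerging areas such as digital assets. Its research goal is to understand existing network threats, identify and track new threats, accurately trace and counter threats, reduce the impact of risk, and provide strong decision support for threat response. Using a research model that combines exploration of frontier technology with real-world adversarial practice, the lab has assisted national authorities in solving several APT attack cases, was the first in the world to discover 8 new APT attack groups, and has handled more than 40 APT attack incidents involving China, making an outstanding contribution to major national network security efforts.

Copyright Notice

Of the content appearing in this document, any text, document formatting, illustrations, photographs, ...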
APT Group Research Year
Lv Meng Ke Ji· 2025-04-08 01:55
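NSFOCUS Technologies Group Co., Ltd.

NSFOCUS Technologies Group Co., Ltd. (绿盟科技, hereinafter "NSFOCUS") was founded in April 2000 and is headquartered in Beijing. The company was listed on the ChiNext board of the Shenzhen Stock Exchange on January 29, 2014, under stock code 300369. NSFOCUS has more than 50 branch offices in China and provides a full line of network security products, comprehensive security solutions and systematic security operations services to users in government, finance, telecom operators, energy, transportation, and science, education, culture and health, as well as to enterprise users of all types. The company has established overseas subsidiaries and offices in Silicon Valley (USA), Tokyo (Japan), London (UK), Singapore and São Paulo (Brazil) to expand its global business and build a Chinese brand in the global network security industry.

School of Cyberspace Security, Guangzhou University

The School of Cyberspace Security at Guangzhou University was established in July 2022. The school upholds the university motto, "Learn broadly and practice earnestly; keep pace with the times", and takes as its guiding philosophy the three drivers proposed by its honorary dean, Academician Fang Binxing (academic-driven, guideline-driven, market-driven). It takes as its mission the training of first-class cyberspace security talent in service of the nation, aims to produce research results that are urgently needed by the nation, world-class and irreplaceable, and to lead the development of industry technology, and continues to build a first-class faculty and first-class platform conditions.

The school currently has 43 full-time faculty members, including 23 professors (10 of them distinguished professors), 17 associate professors and 3 lecturers, among them: 1 academician of the Chinese Academy of Engineering, national major engineering project experts ...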
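Systematic Research Report on Low-Altitude Economy Cybersecurity: The Low-Altitude Economy Sets Sail, with a Security System as Escort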
Lv Meng Ke Ji· 2025-01-15 02:50
Investment Rating
- The report does not explicitly provide an investment rating for the low-altitude economy sector

Core Insights
- The low-altitude economy is emerging as a significant driver of economic growth, with applications ranging from drone logistics to urban air mobility, and is projected to reach a market size of 2.32 trillion yuan by 2024, with a compound annual growth rate (CAGR) of 11.51% over the next five years [11][27]
- The rapid development of the low-altitude economy has highlighted the critical importance of cybersecurity, which is essential for ensuring the sustainable growth of this sector [11][21]
- A comprehensive cybersecurity framework is proposed, focusing on business systems, industry collaboration, threat classification, emergency response, and supply chain security to address the complex and dynamic cybersecurity risks faced by the low-altitude economy [11][76]

Summary by Sections

1. Industry Dynamics
- The low-altitude economy is rapidly becoming a new engine for global economic growth, showcasing significant development potential and market prospects [20]
- Various regions are demonstrating unique advantages in promoting the development of the low-altitude economy, particularly in technology innovation and application promotion [20][22]

2. Relevant Standards and Policies
- A multi-layered framework of standards and policies related to low-altitude economy cybersecurity has been established, covering international, national, industry, and local levels [48]
- Existing standards and policies require further refinement to effectively meet the specific needs and development trends of the low-altitude economy [48]

3. Cybersecurity Risks
- The cybersecurity risks in the low-altitude economy are diverse and complex, including human-machine collaboration, system compatibility, communication reliability, illegal flights, and data security [64][66]
- Major risk factors include technical failures, human errors, and environmental factors, which can significantly impact the safety and operation of low-altitude economic activities [66][68]

4. Cybersecurity Framework
- The cybersecurity framework for the low-altitude economy emphasizes integrating security factors into business decision-making processes and fostering collaboration among various stakeholders [76][82]
- The framework includes a focus on the security of onboard intelligent algorithms, threat classification, emergency response, and supply chain security [76][109]

5. Future Trends
- The report anticipates that the low-altitude economy will continue to evolve, necessitating ongoing advancements in cybersecurity measures to protect against emerging threats [11][18]
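The Low-Altitude Economy Sets Sail, with a Security System as Escort: Systematic Research Report on Low-Altitude Economy Cybersecurity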
Lv Meng Ke Ji· 2025-01-10 01:48
Investment Rating
- The report does not explicitly provide an investment rating for the low-altitude economy sector

Core Insights
- The low-altitude economy is emerging as a significant driver of economic growth, with applications ranging from drone logistics to urban air mobility, and is expected to reach a market size of 2.08 trillion yuan in 2023, growing to 2.32 trillion yuan in 2024, with a compound annual growth rate of 11.51% over the next five years [14][16]
- Network security is a critical concern for the sustainable development of the low-altitude economy, necessitating a comprehensive security framework that includes business systems, industry cooperation, threat classification, emergency response, and supply chain security [2][41]

Summary by Sections

Low-altitude Economy Development Overview
- The low-altitude economy utilizes airspace resources below 3,000 meters, involving various aircraft types, including drones and eVTOLs [12]
- The global low-altitude economy market is projected to grow significantly, with North America leading due to policy support and technological innovation, holding over 40% market share [14][15]

Low-altitude Economy Network Security Standards and Policies
- A multi-layered framework of standards and policies has been established, covering international, national, industry, and local levels, although further refinement is needed to meet the specific needs of the low-altitude economy [26][28]

Low-altitude Economy Network Security Risks
- The low-altitude economy faces diverse and complex security risks, including human-machine collaboration, communication reliability, system compatibility, illegal drone flights, and network security threats [31][32][33][35][36]

Low-altitude Economy Network Security System
- A robust network security system is essential for the low-altitude economy, focusing on integrating security into business processes, fostering industry collaboration, and enhancing threat classification and emergency response capabilities [41][62]

Low-altitude Economy Network Security Trends
- The report emphasizes the need for continuous improvement in security measures, including data encryption, integrity verification, and the adoption of advanced technologies to mitigate risks associated with the low-altitude economy [60][64]
Global Cloud Data Leakage Risk Analysis Report, First Half of 2024
Lv Meng Ke Ji· 2024-10-01 01:48
Industry Overview
- The report focuses on the global cloud data leakage risks in the first half of 2024, highlighting the increasing security risks associated with public and hybrid cloud environments [7]
- A total of 16 cloud data leakage incidents occurred globally in the first half of 2024, involving approximately 1.2 billion pieces of personal data [7]
- The United States experienced the highest number of incidents (8), with retail being the most affected industry, accounting for 940 million leaked records [7]

Key Incidents
- **Escapada Rural**: A Spanish rental company leaked 2.9 million customer records due to misconfigured Amazon S3 storage [13][14]
- **Glosbe**: An online dictionary exposed nearly 7 million user records, including encrypted passwords and social media identifiers, due to an unprotected MongoDB database [17][18]
- **Google Firebase**: Over 125 million user records were exposed across 900 websites due to hardcoded Firebase credentials [21][22]
- **Ticketmaster**: Approximately 560 million user records were leaked, including payment information, due to a credential leak in Snowflake [36][37]
- **AT&T**: Around 110 million user call records were stolen from Snowflake, marking another major credential-based breach [48][49]
- **Toyota**: 240GB of employee and customer data, including financial and contract information, was stolen by a hacker group [52][53]

Incident Analysis
- **Miscellaneous Errors**: 11 out of 16 incidents were caused by misconfigurations, leading to 25.67 million data leaks [7]
- **System Intrusion**: 4 incidents involved system intrusions, resulting in 1.05 billion data leaks [7]
- **Basic Web Application Attacks**: 1 incident was due to web application attacks, exposing 125 million records [7]

Security Recommendations
- **For Misconfigurations**: Implement access control lists (ACLs), disable anonymous access, and monitor access requests [58][59][60]
- **For System Intrusions**: Enable multi-factor authentication (MFA), rotate access keys, and encrypt sensitive data [61]
- **For Web Application Attacks**: Establish anti-crawling mechanisms, enforce MFA, and limit login attempts [62]

Conclusion
- The report emphasizes the importance of understanding cloud data leakage risks and provides detailed insights into attack techniques using the MITRE ATT&CK framework [65]
- Green Alliance Innovation Research Institute continues to monitor cloud risks and has developed tools like Fusion for automated asset detection and risk assessment [65][66]